Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• Twenty-five
Jacksonville, Florida-area residents and two others were charged November 25 in
an alleged false compensation scheme that defrauded a BP oil spill compensation
fund of more than $1 million. – Florida Times-Union

1.November 26, Florida Times-Union – (Florida) 27
indicted in fraud case from 2010 BP oil spill; most from Jacksonville area. The
U.S. Attorney’s Office announced that 25 Jacksonville-area residents and 2
others were charged November 25 in an alleged scheme to defraud a BP oil spill
compensation fund of more than $1 million by claiming they were employees of
businesses affected by the 2010 oil spill following the explosion of the
Deepwater Horizon oil rig in the Gulf of Mexico off Louisiana. Source: http://jacksonville.com/news/crime/2014-11-25/story/27-jacksonville-area-residents-indicted-fraud-case-2010-bp-oil-spill

• DeKalb Hospital in
Auburn, Indiana, resumed normal operations November 24 after halting all
admissions for 2 days after Legionnaire’s Disease bacteria was found in the
hospital water supply following the death of a patient who tested positive for
the bacteria. – Associated Press; Auburn Star

15. November 25, Associated Press; Auburn Star –
(Indiana) Indiana hospital resumes admissions after scare. DeKalb
Hospital in Auburn, Indiana, resumed normal operations November 24 after
halting all admissions for 2 days while it sanitized its water system after
tests confirmed the bacteria that causes Legionnaire’s disease was in the hospital’s
water following the death of a patient who tested positive for the bacteria.
Source: http://www.bellinghamherald.com/2014/11/25/3993922_indiana-hospital-resumes-admissions.html

• A former patient
registration specialist at Parkland Memorial Hospital in Dallas pleaded guilty
November 25 to stealing the personal information of more than 3,000 patients to
recruit customers for his own business. – Dallas Morning News

2. November
25, U.S. Securities and Exchange Commission – (Missouri) SEC charges
former Solutia executive with insider trading. The U.S. Securities and
Exchange Commission filed charges in the U.S. District Court for the Eastern
District of Missouri against the former CEO of Solutia Inc., November 25 for
allegedly using insider information ahead of the company’s acquisition by Eastman
Chemical Company to make illicit profits of $104,391. The former CEO agreed to
settle the charges and was required to pay $104,391 in disgorgement, another
$104,391 in a penalty, and $8,371.71 in interest as well as being barred from
serving as an officer and director of a public company. Source: http://www.sec.gov/litigation/litreleases/2014/lr23142.htm

3. November
25, U.S. Securities and Exchange Commission – (International) SEC
charges HSBC’s Swiss private banking unit with providing unregistered services
to U.S. clients. HSBC’s Switzerland-based private banking arm, HSBC Private
Bank (Suisse), agreed to admit wrongdoing and paid $12.5 million to settle U.S.
Securities and Exchange Commission charges that the entity violated federal
securities laws by failing to register with the SEC before providing
international investment advice and brokerage services to U.S. clients. Source:
http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370543534789

Information Technology Sector

24. November
26, IDG News Service – (International) Hacking Team surveillance malware masquerades
as legitimate bookmark manager. The developers of the Detekt tool reported
that the Remote Control System (RCS) surveillance malware developed and sold by
Italian company Hacking Team was found disguised as the legitimate Linkman
bookmark management application. The certificate signing the malware was found in
two fake Linkman samples containing RCS as well as in a third malware sample,
and the certificate was revoked by its issuing authority. Source: http://www.networkworld.com/article/2852753/hacking-team-surveillance-malware-masquerades-as-legitimate-bookmark-manager.html

25. November
26, Securityweek – (International) DoS vulnerability found in MatrikonOPC Server
for DNP3. MatrikonOPC released updates for its OPC Server for DNP3
industrial connectivity devices to close a denial of service (DoS)
vulnerability which could be exploited remotely by an attacker to cause a loop
in the application until manually restarted. The product is used in industries
including the energy and chemical sectors and users were advised to update
their installations or use a workaround until the patch can be applied. Source:
http://www.securityweek.com/dos-vulnerability-found-matrikonopc-server-dnp3

26. November
25, Securityweek – (International) Adobe patches Flash Player to add additional
protection against attack. Adobe released an out-of-band patch for its
Flash Player software as a precaution to protect users after the Angler exploit
kit was found to target a vulnerability in Flash Player that may not have been
patched during the most recent scheduled patch release. Source: http://www.securityweek.com/adobe-patches-flash-player-add-additional-protection-against-attack

27. November
25, SC Magazine – (International) DroidJack RAT hits hacker forums, comes from
legitimate app developers. Symantec researchers reported that formerly
legitimate app developers created a new remote access tool (RAT) for Android
dubbed DroidJack and have put the malware up for sale on underweb forums. The
malware includes several features, including access to compromised devices’
cameras, contact, GPS data, and the ability to listen to voice conversations.
Source: http://www.scmagazine.com/droidjack-rat-posted-for-sale-online/article/385281/

Links

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"